Security Vulnerabilities - CVEs Published In December 2024
Service logic error vulnerability in the system service module. Impact: Successful exploitation of this vulnerability may affect service integrity.
CVSS Score: 8.5
EPSS Score: 0.001
Published: 2024-12-12
File replacement vulnerability on some devices. Impact: Successful exploitation of this vulnerability will affect integrity and confidentiality.
CVSS Score: 6.7
EPSS Score: 0.0
Published: 2024-12-12
Vulnerability of improper access control in the secure input module. Impact: Successful exploitation of this vulnerability may cause features to perform abnormally.
CVSS Score: 6.2
EPSS Score: 0.0
Published: 2024-12-12
Denial of service (DoS) vulnerability in the installation module. Impact: Successful exploitation of this vulnerability will affect availability.
CVSS Score: 6.2
EPSS Score: 0.0
Published: 2024-12-12
Race condition vulnerability in the DDR module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVSS Score: 6.1
EPSS Score: 0.0
Published: 2024-12-12
An issue was discovered in GitLab CE/EE affecting all versions starting from 16.1 prior to 17.4.6, starting from 17.5 prior to 17.5.4, and starting from 17.6 prior to 17.6.2. Injection of NEL headers in the k8s proxy response could lead to session data exfiltration.
CVSS Score: 8.7
EPSS Score: 0.0
Published: 2024-12-12
An issue was discovered in GitLab CE/EE affecting all versions starting from 11.0 prior to 17.4.6, starting from 17.5 prior to 17.5.4, and starting from 17.6 prior to 17.6.2, where sensitive information passed in GraphQL mutations may have been retained in GraphQL logs.
CVSS Score: 4.0
EPSS Score: 0.0
Published: 2024-12-12
An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.7 prior to 17.4.6, from 17.5 prior to 17.5.4, and from 17.6 prior to 17.6.2. It may have been possible for an attacker with a victim's `CI_JOB_TOKEN` to obtain a GitLab session token belonging to the victim.
CVSS Score: 6.7
EPSS Score: 0.0
Published: 2024-12-12
Vulnerability of improper access control in the MTP module. Impact: Successful exploitation of this vulnerability may affect integrity and accuracy.
CVSS Score: 5.3
EPSS Score: 0.0
Published: 2024-12-12
An issue has been discovered in GitLab EE affecting all versions starting from 14.3 before 17.4.6, all versions starting from 17.5 before 17.5.4, and all versions starting from 17.6 before 17.6.2, that allows group users to view confidential incident title through the Wiki History Diff feature, potentially leading to information disclosure.
CVSS Score: 3.1
EPSS Score: 0.0
Published: 2024-12-12

